10.11 Linux Network related 10.12 firewalld and netfilter 10.13 NE

Source: Internet
Author: User

10.11 Linux Network related


ifconfig: view IP addresses. If the command is missing, install it with: yum install net-tools
ifup ens33 / ifdown ens33: bring the ens33 interface up / down

mii-tool ens33 and ethtool ens33 show whether the NIC is connected.

mii-tool ens33: "link ok" in the output means the NIC is connected.
ethtool ens33: "Link detected: yes" in the output means the NIC is connected.
hostnamectl set-hostname martinlinux001

DNS configuration file: /etc/resolv.conf

/etc/hosts file

10.12 Firewalld and NetFilter


CentOS 7: setenforce 0 turns SELinux off temporarily (it switches to permissive mode until the next reboot). To turn it off permanently, edit the configuration file /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled.

Turn off firewalld and use iptables-services instead:
systemctl disable firewalld
systemctl stop firewalld
yum install -y iptables-services
systemctl enable iptables
systemctl start iptables

10.13 Netfilter: Introduction to the 5 Tables and 5 Chains

The 5 netfilter tables: filter, nat, mangle, raw, security
filter: this table is mainly used to filter packets. It is the system's default table and the one Amin uses most. It has three built-in chains: INPUT, OUTPUT and FORWARD. INPUT acts on packets entering the machine; OUTPUT acts on packets sent by the machine; FORWARD acts on packets that are not addressed to the machine.

nat: this table is mainly used for network address translation and has three chains. The PREROUTING chain changes the destination address of a packet just as it arrives at the firewall, if necessary. The OUTPUT chain changes the destination address of locally generated packets. The POSTROUTING chain changes the source address of a packet just before it leaves the firewall. Amin uses this table only a little, but it is needed sometimes.

mangle: this table is mainly used to mark packets so that they can then be handled according to the mark. It is hardly ever used; unless you want to be a senior network engineer, you don't need to spend much effort on it.

The 5 chains of netfilter
The 5 chains are PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING.

PREROUTING: before the packet reaches the routing decision.
INPUT: after the routing decision, when the destination is the local machine.
FORWARD: after the routing decision, when the destination is not the local machine.
OUTPUT: packets generated by the local machine and sent outward.
POSTROUTING: just before the packet is sent to the NIC interface.

This can be summarized in two cases:
A packet addressed to the local machine passes PREROUTING -> INPUT -> OUTPUT -> POSTROUTING
A packet not addressed to the local machine passes PREROUTING -> FORWARD -> POSTROUTING

10.14 iptables Syntax

iptables -nvL           # view rules
iptables -t nat -nvL    # view the rules of the nat table
-t is followed by the table name. -nvL lists the rules of that table: -n means IP addresses are not resolved to host names, -L means list, and -v makes the listing more detailed. If -t is omitted, the rules of the filter table are printed.

iptables -F; iptables -Z    # purge rules
Without -t, the command operates on the filter table by default. -F deletes all the rules; -Z resets the packet and traffic counters to zero.

B. Adding/deleting a rule
iptables -A INPUT -s 192.168.15.132 -p tcp --sport 1234 -d 192.168.15.136 --dport 80 -j DROP
This adds a rule. -t is omitted, so the rule goes into the filter table. -A appends a rule, -I inserts a rule and -D deletes a rule. INPUT is the chain name; it can also be OUTPUT or FORWARD. -s is followed by the source address; -p by the protocol (tcp, udp, icmp); --sport/--dport by the source port/destination port; -d by the destination IP (mainly for intranet or extranet); -j by the action (DROP discards the packet, REJECT rejects the packet, ACCEPT allows it). -i specifies the network adapter.
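
The difference between -A and -I matters because a chain is checked from top to bottom and the first matching rule decides. The Python sketch below is an added example, not part of the original notes: it models only the options described above, with exact-match comparison, and its function names, the broad ACCEPT rule and the sample packet are constructed for illustration.

```python
import shlex

# Options the page explains -> packet fields. Exact match only (simplification).
FIELDS = {"-s": "src", "-d": "dst", "-p": "proto",
          "--sport": "sport", "--dport": "dport", "-i": "iface"}

def parse(cmd):
    """Split one iptables command into (table, op, chain, matches, target)."""
    table, op, chain, target, matches = "filter", None, None, None, {}
    args = iter(shlex.split(cmd)[1:])      # skip the word "iptables"
    for a in args:
        if a == "-t":
            table = next(args)
        elif a in ("-A", "-I", "-D"):
            op, chain = a, next(args)
        elif a == "-j":
            target = next(args)
        elif a in FIELDS:
            matches[FIELDS[a]] = next(args)
        else:
            raise ValueError("option not modelled: " + a)
    return table, op, chain, matches, target

def apply_rule(chains, cmd):
    """-A appends, -I (no rule number) inserts at the top, -D deletes."""
    table, op, chain, matches, target = parse(cmd)
    rules = chains.setdefault((table, chain), [])
    if op == "-D":
        rules.remove((matches, target))
    else:
        rules.insert(len(rules) if op == "-A" else 0, (matches, target))

def verdict(chains, chain, pkt, table="filter", policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for matches, target in chains.get((table, chain), []):
        if all(str(pkt.get(k)) == v for k, v in matches.items()):
            return target
    return policy

PKT = {"src": "192.168.15.132", "dst": "192.168.15.136",   # constructed packet
       "proto": "tcp", "sport": 1234, "dport": 80}         # matching the page's rule
DROP = ("iptables -A INPUT -s 192.168.15.132 -p tcp --sport 1234 "
        "-d 192.168.15.136 --dport 80 -j DROP")

def demo(op):
    """Add a broad ACCEPT (constructed rule) with -A or -I after the DROP."""
    chains = {}
    apply_rule(chains, DROP)
    apply_rule(chains, "iptables %s INPUT -p tcp --dport 80 -j ACCEPT" % op)
    return verdict(chains, "INPUT", PKT)
```

demo("-A") returns DROP because the appended ACCEPT sits below the DROP rule; demo("-I") returns ACCEPT because the inserted rule lands above it and shadows the DROP.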

The default rules for iptables are stored in the configuration file /etc/sysconfig/iptables
